Michael Cooper
July 20, 2019 07:26AM
Hello Guys, First time poster to nginx list. I have successfully created an
nginx proxy but i am only using http at the moment:
The following works perfectly
# Coopfire.com Website #

server {
server_name www.coopfire.com;

location / {
# www.coopfire.com reverse proxy follow
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://xxx.xxx.xxx.xxx:80;
}
}

am trying to add https: to this because I have a need for it for my blog
app it is as follows:
server {
server_name blog.coopfire.com;

location / {
# coopfire.com reverse proxy follow
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://xxx.xxx.xxx.xxx:2368; *<- This works fine*
# proxy_pass https://xxx.xxx.xxx.xxx:444; *<- This does not work in
browser with ip it does*
}
}

So I have seen a few different configurations where the ssl cert has a path
that appears to be local to the proxy server, Does this mean I put the
certs on the proxy instead of the backend server?

server {
listen 80;
return 301 https://$host$request_uri;
}

server {

listen 443;
server_name jenkins.domain.com;

ssl_certificate /etc/nginx/cert.crt;
ssl_certificate_key /etc/nginx/cert.key;

ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;

access_log /var/log/nginx/jenkins.access.log;

location / {

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

# Fix the “It appears that your reverse proxy set up is broken" error.
proxy_pass http://localhost:8080;
proxy_read_timeout 90;

proxy_redirect http://localhost:8080 https://jenkins.domain.com;
}
}

Also I see on the top it is redirecting all http requests to https, Do
certs need to be added to all the sites?

Thanks,
--
Michael A Cooper
Linux Certified
Zerto Certified
http://www.coopfire.com
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

Reverse Proxy

Michael Cooper July 20, 2019 07:26AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 45
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready